1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #include <keymaster/key_blob_utils/software_keyblobs.h>
19 
20 #include <stdint.h>
21 
22 #include <hardware/keymaster_defs.h>
23 
24 #include <keymaster/UniquePtr.h>
25 #include <keymaster/android_keymaster_utils.h>
26 #include <keymaster/authorization_set.h>
27 #include <keymaster/key.h>
28 #include <keymaster/key_blob_utils/auth_encrypted_key_blob.h>
29 #include <keymaster/key_blob_utils/integrity_assured_key_blob.h>
30 #include <keymaster/key_blob_utils/ocb_utils.h>
31 #include <keymaster/km_openssl/openssl_err.h>
32 #include <keymaster/km_openssl/openssl_utils.h>
33 #include <keymaster/logger.h>
34 
35 #include <openssl/aes.h>
36 
37 namespace keymaster {
38 
39 static uint8_t SWROT[2] = {'S', 'W'};
40 KeymasterBlob softwareRootOfTrust(SWROT);
41 
42 namespace {
43 
UpgradeIntegerTag(keymaster_tag_t tag,uint32_t value,AuthorizationSet * set,bool * set_changed)44 bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set,
45                        bool* set_changed) {
46     int index = set->find(tag);
47     if (index == -1) {
48         keymaster_key_param_t param;
49         param.tag = tag;
50         param.integer = value;
51         set->push_back(param);
52         *set_changed = true;
53         return true;
54     }
55 
56     if (set->params[index].integer > value) return false;
57 
58     if (set->params[index].integer != value) {
59         set->params[index].integer = value;
60         *set_changed = true;
61     }
62     return true;
63 }
64 
TranslateAuthorizationSetError(AuthorizationSet::Error err)65 keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
66     switch (err) {
67     case AuthorizationSet::OK:
68         return KM_ERROR_OK;
69     case AuthorizationSet::ALLOCATION_FAILURE:
70         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
71     case AuthorizationSet::MALFORMED_DATA:
72         return KM_ERROR_UNKNOWN_ERROR;
73     }
74     return KM_ERROR_OK;
75 }
76 
77 }  // anonymous namespace
78 
BuildHiddenAuthorizations(const AuthorizationSet & input_set,AuthorizationSet * hidden,const KeymasterBlob & root_of_trust)79 keymaster_error_t BuildHiddenAuthorizations(const AuthorizationSet& input_set,
80                                             AuthorizationSet* hidden,
81                                             const KeymasterBlob& root_of_trust) {
82     keymaster_blob_t entry;
83     if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry))
84         hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length);
85     if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry))
86         hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length);
87 
88     hidden->push_back(TAG_ROOT_OF_TRUST, root_of_trust);
89 
90     return TranslateAuthorizationSetError(hidden->is_valid());
91 }
92 
FakeKeyAuthorizations(EVP_PKEY * pubkey,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)93 keymaster_error_t FakeKeyAuthorizations(EVP_PKEY* pubkey, AuthorizationSet* hw_enforced,
94                                         AuthorizationSet* sw_enforced) {
95     hw_enforced->Clear();
96     sw_enforced->Clear();
97 
98     switch (EVP_PKEY_type(pubkey->type)) {
99     case EVP_PKEY_RSA: {
100         hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
101         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
102         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
103         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
104         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
105         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
106         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
107         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
108         hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE);
109         hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
110         hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
111         hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS);
112         hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
113 
114         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
115         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
116         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
117         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
118 
119         RSA_Ptr rsa(EVP_PKEY_get1_RSA(pubkey));
120         if (!rsa) return TranslateLastOpenSslError();
121         hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8);
122         uint64_t public_exponent = BN_get_word(rsa->e);
123         if (public_exponent == 0xffffffffL) return KM_ERROR_INVALID_KEY_BLOB;
124         hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
125         break;
126     }
127 
128     case EVP_PKEY_EC: {
129         hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
130         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
131         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
132         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
133         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
134         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
135         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
136         hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
137 
138         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
139         sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
140 
141         UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey));
142         if (!ec_key.get()) return TranslateLastOpenSslError();
143         size_t key_size_bits;
144         keymaster_error_t error =
145             ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits);
146         if (error != KM_ERROR_OK) return error;
147         hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits);
148         break;
149     }
150 
151     default:
152         return KM_ERROR_UNSUPPORTED_ALGORITHM;
153     }
154 
155     sw_enforced->push_back(TAG_ALL_USERS);
156     sw_enforced->push_back(TAG_NO_AUTH_REQUIRED);
157 
158     return KM_ERROR_OK;
159 }
160 
161 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's
162 // unwrap_key function, modified for the preferred function signature and formatting.  It does some
163 // odd things, but they have been left unchanged to avoid breaking compatibility.
164 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'};
ParseOldSoftkeymasterBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)165 keymaster_error_t ParseOldSoftkeymasterBlob(const KeymasterKeyBlob& blob,
166                                             KeymasterKeyBlob* key_material,
167                                             AuthorizationSet* hw_enforced,
168                                             AuthorizationSet* sw_enforced) {
169     long publicLen = 0;   // NOLINT(google-runtime-int)
170     long privateLen = 0;  // NOLINT(google-runtime-int)
171     const uint8_t* p = blob.key_material;
172     const uint8_t* end = blob.key_material + blob.key_material_size;
173 
174     int type = 0;
175     ptrdiff_t min_size =
176         sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1;
177     if (end - p < min_size) {
178         LOG_W("key blob appears to be truncated (if an old SW key)", 0);
179         return KM_ERROR_INVALID_KEY_BLOB;
180     }
181 
182     if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0) return KM_ERROR_INVALID_KEY_BLOB;
183     p += sizeof(SOFT_KEY_MAGIC);
184 
185     for (size_t i = 0; i < sizeof(type); i++) {
186         type = (type << 8) | *p++;
187     }
188 
189     for (size_t i = 0; i < sizeof(type); i++) {
190         publicLen = (publicLen << 8) | *p++;
191     }
192 
193     if (p + publicLen > end) {
194         LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
195         return KM_ERROR_INVALID_KEY_BLOB;
196     }
197     p += publicLen;
198 
199     if (end - p < 2) {
200         LOG_W("key blob appears to be truncated (if an old SW key)", 0);
201         return KM_ERROR_INVALID_KEY_BLOB;
202     }
203 
204     for (size_t i = 0; i < sizeof(type); i++)
205         privateLen = (privateLen << 8) | *p++;
206 
207     if (p + privateLen > end) {
208         LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
209         return KM_ERROR_INVALID_KEY_BLOB;
210     }
211 
212     // Just to be sure, make sure that the ASN.1 structure parses correctly.  We don't actually use
213     // the EVP_PKEY here.
214     const uint8_t* key_start = p;
215     EVP_PKEY_Ptr pkey(d2i_PrivateKey(type, nullptr, &p, privateLen));
216     if (pkey.get() == nullptr) {
217         LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0);
218         return KM_ERROR_INVALID_KEY_BLOB;
219     }
220 
221     // All auths go into sw_enforced, including those that would be HW-enforced if we were faking
222     // auths for a HW-backed key.
223     hw_enforced->Clear();
224     keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced);
225     if (error != KM_ERROR_OK) return error;
226 
227     if (!key_material->Reset(privateLen)) return KM_ERROR_MEMORY_ALLOCATION_FAILED;
228     memcpy(key_material->writable_data(), key_start, privateLen);
229 
230     return KM_ERROR_OK;
231 }
232 
233 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
234 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes));
235 
ParseAuthEncryptedBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & hidden,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)236 keymaster_error_t ParseAuthEncryptedBlob(const KeymasterKeyBlob& blob,
237                                          const AuthorizationSet& hidden,
238                                          KeymasterKeyBlob* key_material,
239                                          AuthorizationSet* hw_enforced,
240                                          AuthorizationSet* sw_enforced) {
241     keymaster_error_t error;
242     DeserializedKey key = DeserializeAuthEncryptedBlob(blob, &error);
243     if (error != KM_ERROR_OK) return error;
244 
245     *key_material = DecryptKey(key, hidden, MASTER_KEY, &error);
246     *hw_enforced = move(key.hw_enforced);
247     *sw_enforced = move(key.sw_enforced);
248     return error;
249 }
250 
SetKeyBlobAuthorizations(const AuthorizationSet & key_description,keymaster_key_origin_t origin,uint32_t os_version,uint32_t os_patchlevel,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)251 keymaster_error_t SetKeyBlobAuthorizations(const AuthorizationSet& key_description,
252                                            keymaster_key_origin_t origin, uint32_t os_version,
253                                            uint32_t os_patchlevel, AuthorizationSet* hw_enforced,
254                                            AuthorizationSet* sw_enforced) {
255     sw_enforced->Clear();
256 
257     for (auto& entry : key_description) {
258         switch (entry.tag) {
259         // These cannot be specified by the client.
260         case KM_TAG_BOOT_PATCHLEVEL:
261         case KM_TAG_ORIGIN:
262         case KM_TAG_OS_PATCHLEVEL:
263         case KM_TAG_OS_VERSION:
264         case KM_TAG_ROOT_OF_TRUST:
265         case KM_TAG_VENDOR_PATCHLEVEL:
266             LOG_E("Root of trust and origin tags may not be specified", 0);
267             return KM_ERROR_INVALID_TAG;
268 
269         case KM_TAG_ALLOW_WHILE_ON_BODY:
270             // Not supported, but is specified to noop in that case (vs error).
271             LOG_W("No on-body detection supported, skipping tag %d", entry.tag);
272             break;
273 
274         // These aren't supported by SoftKeymaster.
275         case KM_TAG_DEVICE_UNIQUE_ATTESTATION:
276         case KM_TAG_ECIES_SINGLE_HASH_MODE:
277         case KM_TAG_EXPORTABLE:
278         case KM_TAG_IDENTITY_CREDENTIAL_KEY:
279         case KM_TAG_KDF:
280         case KM_TAG_ROLLBACK_RESISTANT:
281         case KM_TAG_STORAGE_KEY:
282             LOG_E("Tag %d not supported by SoftKeymaster", entry.tag);
283             return KM_ERROR_UNSUPPORTED_TAG;
284 
285         // If the hardware enforce list contains this tag, means we are
286         // pretending to be some secure hardware which has secure storage.
287         case KM_TAG_ROLLBACK_RESISTANCE:
288             if (hw_enforced->GetTagCount(entry.tag) != 0)
289                 break;
290             else {
291                 LOG_E("Tag %d not supported by SoftKeymaster", entry.tag);
292                 return KM_ERROR_UNSUPPORTED_TAG;
293             }
294 
295         // These are hidden.
296         case KM_TAG_APPLICATION_DATA:
297         case KM_TAG_APPLICATION_ID:
298             break;
299 
300         // These should not be in key descriptions because they're for operation parameters.
301         case KM_TAG_ASSOCIATED_DATA:
302         case KM_TAG_AUTH_TOKEN:
303         case KM_TAG_CONFIRMATION_TOKEN:
304         case KM_TAG_INVALID:
305         case KM_TAG_MAC_LENGTH:
306         case KM_TAG_NONCE:
307             LOG_E("Tag %d not allowed in key generation/import", entry.tag);
308             break;
309 
310         // These are provided to support attesation key generation, but should not be included in
311         // the key characteristics.
312         case KM_TAG_ATTESTATION_APPLICATION_ID:
313         case KM_TAG_ATTESTATION_CHALLENGE:
314         case KM_TAG_ATTESTATION_ID_BRAND:
315         case KM_TAG_ATTESTATION_ID_DEVICE:
316         case KM_TAG_ATTESTATION_ID_IMEI:
317         case KM_TAG_ATTESTATION_ID_MANUFACTURER:
318         case KM_TAG_ATTESTATION_ID_MEID:
319         case KM_TAG_ATTESTATION_ID_MODEL:
320         case KM_TAG_ATTESTATION_ID_PRODUCT:
321         case KM_TAG_ATTESTATION_ID_SERIAL:
322         case KM_TAG_CERTIFICATE_SERIAL:
323         case KM_TAG_CERTIFICATE_SUBJECT:
324         case KM_TAG_CERTIFICATE_NOT_BEFORE:
325         case KM_TAG_CERTIFICATE_NOT_AFTER:
326         case KM_TAG_RESET_SINCE_ID_ROTATION:
327             break;
328 
329         // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in
330         // hw_enforced, in which case we defer to its decision.
331         case KM_TAG_ACTIVE_DATETIME:
332         case KM_TAG_ALGORITHM:
333         case KM_TAG_ALL_APPLICATIONS:
334         case KM_TAG_ALL_USERS:
335         case KM_TAG_AUTH_TIMEOUT:
336         case KM_TAG_BLOB_USAGE_REQUIREMENTS:
337         case KM_TAG_BLOCK_MODE:
338         case KM_TAG_BOOTLOADER_ONLY:
339         case KM_TAG_CALLER_NONCE:
340         case KM_TAG_CREATION_DATETIME:
341         case KM_TAG_DIGEST:
342         case KM_TAG_EARLY_BOOT_ONLY:
343         case KM_TAG_EC_CURVE:
344         case KM_TAG_INCLUDE_UNIQUE_ID:
345         case KM_TAG_KEY_SIZE:
346         case KM_TAG_MAX_BOOT_LEVEL:
347         case KM_TAG_MAX_USES_PER_BOOT:
348         case KM_TAG_MIN_MAC_LENGTH:
349         case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
350         case KM_TAG_NO_AUTH_REQUIRED:
351         case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
352         case KM_TAG_PADDING:
353         case KM_TAG_PURPOSE:
354         case KM_TAG_RSA_OAEP_MGF_DIGEST:
355         case KM_TAG_RSA_PUBLIC_EXPONENT:
356         case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED:
357         case KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED:
358         case KM_TAG_UNIQUE_ID:
359         case KM_TAG_UNLOCKED_DEVICE_REQUIRED:
360         case KM_TAG_USAGE_COUNT_LIMIT:
361         case KM_TAG_USAGE_EXPIRE_DATETIME:
362         case KM_TAG_USER_AUTH_TYPE:
363         case KM_TAG_USER_ID:
364         case KM_TAG_USER_SECURE_ID:
365             if (hw_enforced->GetTagCount(entry.tag) == 0) sw_enforced->push_back(entry);
366             break;
367         }
368     }
369 
370     // If hw_enforced is non-empty, we're pretending to be some sort of secure hardware.
371     AuthorizationSet* pseudo_hw_enforced = (hw_enforced->empty()) ? sw_enforced : hw_enforced;
372     pseudo_hw_enforced->push_back(TAG_ORIGIN, origin);
373     pseudo_hw_enforced->push_back(TAG_OS_VERSION, os_version);
374     pseudo_hw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel);
375 
376     // Honor caller creation, if provided.
377     if (!sw_enforced->Contains(TAG_CREATION_DATETIME)) {
378         sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(nullptr)));
379     }
380 
381     return TranslateAuthorizationSetError(sw_enforced->is_valid());
382 }
383 
ExtendKeyBlobAuthorizations(AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,std::optional<uint32_t> vendor_patchlevel,std::optional<uint32_t> boot_patchlevel)384 keymaster_error_t ExtendKeyBlobAuthorizations(AuthorizationSet* hw_enforced,
385                                               AuthorizationSet* sw_enforced,
386                                               std::optional<uint32_t> vendor_patchlevel,
387                                               std::optional<uint32_t> boot_patchlevel) {
388     // If hw_enforced is non-empty, we're pretending to be some sort of secure hardware.
389     AuthorizationSet* pseudo_hw_enforced = (hw_enforced->empty()) ? sw_enforced : hw_enforced;
390     if (vendor_patchlevel.has_value()) {
391         pseudo_hw_enforced->push_back(TAG_VENDOR_PATCHLEVEL, vendor_patchlevel.value());
392     }
393     if (boot_patchlevel.has_value()) {
394         pseudo_hw_enforced->push_back(TAG_BOOT_PATCHLEVEL, boot_patchlevel.value());
395     }
396     return TranslateAuthorizationSetError(sw_enforced->is_valid());
397 }
398 
UpgradeSoftKeyBlob(const UniquePtr<Key> & key,const uint32_t os_version,const uint32_t os_patchlevel,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key)399 keymaster_error_t UpgradeSoftKeyBlob(const UniquePtr<Key>& key, const uint32_t os_version,
400                                      const uint32_t os_patchlevel,
401                                      const AuthorizationSet& upgrade_params,
402                                      KeymasterKeyBlob* upgraded_key) {
403     return FullUpgradeSoftKeyBlob(key, os_version, os_patchlevel,
404                                   /* vendor_patchlevel= */ std::nullopt,
405                                   /* boot_patchlevel= */ std::nullopt,  //
406                                   upgrade_params, upgraded_key);
407 }
408 
FullUpgradeSoftKeyBlob(const UniquePtr<Key> & key,const uint32_t os_version,uint32_t os_patchlevel,std::optional<uint32_t> vendor_patchlevel,std::optional<uint32_t> boot_patchlevel,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key)409 keymaster_error_t FullUpgradeSoftKeyBlob(const UniquePtr<Key>& key, const uint32_t os_version,
410                                          uint32_t os_patchlevel,
411                                          std::optional<uint32_t> vendor_patchlevel,
412                                          std::optional<uint32_t> boot_patchlevel,
413                                          const AuthorizationSet& upgrade_params,
414                                          KeymasterKeyBlob* upgraded_key) {
415     bool set_changed = false;
416 
417     if (os_version == 0) {
418         // We need to allow "upgrading" OS version to zero, to support upgrading from proper
419         // numbered releases to unnumbered development and preview releases.
420 
421         int key_os_version_pos = key->sw_enforced().find(TAG_OS_VERSION);
422         if (key_os_version_pos != -1) {
423             uint32_t key_os_version = key->sw_enforced()[key_os_version_pos].integer;
424             if (key_os_version != 0) {
425                 key->sw_enforced()[key_os_version_pos].integer = os_version;
426                 set_changed = true;
427             }
428         }
429     }
430 
431     if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version, &key->sw_enforced(), &set_changed) ||
432         !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel, &key->sw_enforced(), &set_changed) ||
433         (vendor_patchlevel.has_value() &&
434          !UpgradeIntegerTag(TAG_VENDOR_PATCHLEVEL, vendor_patchlevel.value(), &key->sw_enforced(),
435                             &set_changed)) ||
436         (boot_patchlevel.has_value() &&
437          !UpgradeIntegerTag(TAG_BOOT_PATCHLEVEL, boot_patchlevel.value(), &key->sw_enforced(),
438                             &set_changed))) {
439         // One of the version fields would have been a downgrade. Not allowed.
440         return KM_ERROR_INVALID_ARGUMENT;
441     }
442 
443     if (!set_changed) {
444         // Dont' need an upgrade.
445         return KM_ERROR_OK;
446     }
447 
448     AuthorizationSet hidden;
449     auto error = BuildHiddenAuthorizations(upgrade_params, &hidden, softwareRootOfTrust);
450     if (error != KM_ERROR_OK) return error;
451     return SerializeIntegrityAssuredBlob(key->key_material(), hidden, key->hw_enforced(),
452                                          key->sw_enforced(), upgraded_key);
453 }
454 
455 }  // namespace keymaster
456